Advertisement

On Computationally Secure Authentication Tags Requiring Short Secret Shared Keys

  • Gilles Brassard

Abstract

As an application of strongly universal-2 classes of hash functions, Wegman and Carter have proposed a provably secure authentication tag system.1 Their technique allows the receiver to be certain that a message is genuine. An enemy, even one with infinite computing power, cannot forge or modify a message without detection. Moreover, there are no messages that just happen to be easy to forge. Unfortunately, their scheme requires that the sender and the receiver share a rather long secret key if they wish to use the system more than once. Indeed, the length of the key is essentially n log(1/p), where n is the number of messages they wish to be able to authenticate before having to agree on a new secret key, and p is the probability of undetected forgery they are willing to tolerate. Since they also proved that n log(1/p) is a lower bound on the number of bits required by any tag system that assures security against infinite computing power, it is clearly necessary to resort to computational complexity if we wish to have a scheme usable in practice allowing a potentially very large number of messages to be authenticated.

Keywords

Hash Function Sequence Number Signature Scheme Authentication Scheme Receiver Share 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    M.N. Wegman and J.L. Carter, New Hash Functions and Their Use in Authentication and set Equality, JCSS, 22: 265 (1981).Google Scholar
  2. 2.
    W. Diffie and M.E. Hellman, New Directions in Cryptography, IEEE Trans. Info. Th., IT-22: 644 (1976).Google Scholar
  3. 3.
    R.L. Rivest, A. Shamir and L. Adleman, On Digital Signature and Public-Key Cryptosystems, CACM, 21: 120 (1978).Google Scholar
  4. 4.
    A. Shamir, A Polynomial-Time Algorithm for Breaking the Basic Merkle-Hellman Cryptosystem, in: “Proc. of 23rd FOCS Symposium, Chicago,” IEEE, New York (1982).Google Scholar
  5. 5.
    L. Adleman, On Breaking the Iterated Knapsack Public-Key Cryptosystem, presented at: “AMS Workshop on Probabilistic Computational Com- plexity, Durham,” A. Meyer, chair. (1982).Google Scholar
  6. 6.
    R. Merkle and M.E. Hellman, Hiding Information and Receipts in Trap-Door Knapsacks, IEEE Trans. Info. th., IT-24: 525 (1978).Google Scholar
  7. 7.
    M.O. Rabin, Digitalized Signatures and Public-Key Functions as Intractable as Factorization, MIT/LCS/TR-212 (1979).Google Scholar
  8. 8.
    S. Goldwasser and S. Micali, Probabilistic Encryption How to Play Mental Poker Keeping Secret all Partial Information, in: “Proc. of 14th STOC Symposium, San Francisco,” ACM, New York (1982).Google Scholar
  9. 9.
    S. Goldwasser, S. Micali and A. Yao, On Authentication, Digital Signatures and Contracts in Presence of Meddler, in: “Advances in Cryptography: Proceedings of CRYPTO 82,” R. Rivest, ed., Plenum Press, New York (1983).Google Scholar
  10. 10.
    National Bureau of Standards, Federal Information Processing Standards Publication no. 46.Google Scholar
  11. 11.
    M. Blum and S. Micali, How to Generate Cryptographically Strong Sequences of Pseudo Random Bits, in: “Proc. of 23rd FOCS Symposium, Chicago,” IEEE, New York (1982).Google Scholar
  12. 12.
    A. Yao, Theory and Application of Trapdoor Functions, in: “Proc. of 23rd FOCS Symposium, Chicago,” IEEE, New York (1982).Google Scholar
  13. 13.
    R.R. Coveyou and R.D. MacPherson, Fourier Analysis of Uniform Random Number Generators, JACM, 14: 100 (1967).Google Scholar
  14. 14.
    G.B. Kolata, New Codes Coming into Use, Science Magazine, 208: 694 (1980).Google Scholar
  15. 15.
    C.H. Bennett, G. Brassard, S. Breidbart and S. Weisner, Quantum Cryptography, or Unforgeable Subway Tokens, in: “Advances in Cryptography: Proceedings of CRYPTO 82,” R. Rivest, ed., Plenum Press, New York (1983).Google Scholar
  16. 16.
    L. Blum, M. Blum and M. Shub, A Simple Secure Pseudo-Random Number Generator, in: “Advances in Cryptography: Proceedings of CRYPTO 82,” R. Rivest, ed., Plenum Press, New York (1983).Google Scholar
  17. 17.
    S. Goldwasser, S. Miceli and P. Tong, How to Establish a Private Code on a Public Network, in: “Proc. of 23rd FOCS Symposium, Chicago,” IEEE, New York (1982).Google Scholar

Copyright information

© Springer Science+Business Media New York 1983

Authors and Affiliations

  • Gilles Brassard
    • 1
  1. 1.Département d’informatique et de recherche opérationnelleUniversité de MontréalMontréalCanada

Personalised recommendations